You are here:

Your Firm is Safer in the Cloud

“A great barometer of the legal profession’s approach to technology in general…[is] adoption rates and attitudes about [the cloud],” says Niki Black. And they don’t look good. According to this year’s ILTA/Inside Legal Buyers Survey, “60% of survey respondents indicated that <25% of firm software and service solutions could be cloud-based within the next 1-3 years.”

This low number may be partially caused by an ignorance of what constitutes cloud software. As Michael Kemps points out, many firms are already in the cloud without realizing it, using cloud-based email or legal research tools. Another potential explanation is the pervasiveness of myths about the cloud. Fears of security breaches, loss of control, and inflexible tools still persist in the legal space.

However, rather than letting the mystery about cloud avoidance stand, the ILTA/Inside Legal survey probed further. It asked buyers about their hesitations, and 63% revealed that they avoided cloud computing because of security concerns! The same narrative was told by 2015 AmLaw-LTN Tech Survey respondents, with “a whopping 86% identifying [security] as the biggest inhibitor of adoption.” Although Greylock and Sequoia predicted in 2014 that enthusiasm about the cloud would assuage security fears, that prediction did not come true in the legal field.

It is true that security is very hard to get right, and that it is very important. However, the rhetoric of the “insecure cloud” is an urban legend: believed by many, but supported by little evidence. Here are some truths about cloud security you may not know:

Remote servers don’t mean less control.

Putting your data in the cloud may feel like losing control. 61% of responders to the 2015 AmLaw-LTN Tech Survey cited this concern when considering cloud adoption. It’s easy to understand why having a physical object hold documents can be more comforting than placing files on a remote server. After all, we’ve used treasure chests and storage cabinets for centuries – and many lawyers still remember the binder-filled rooms that used to serve as the hubs of review projects. However, physical paper is no longer the dominant format in which information is stored. There are now stronger ways to protect data that have made physical possession far less relevant in guaranteeing security.

Encryption

Fears of losing control are often related to data being out of eyesight when it is moved to the cloud. However, simply being able to physically visit a local server doesn’t mean it’s better protected. You still can’t see what’s on them, or detect breaches or missing data just by standing next to them. With cloud servers, all data is encrypted end-to-end. Encryption bars anyone from reaching the files, even with physical access to the server location. In this way, encryption is the great equalizer: no one can see the files, physical access or not.

Permissions

When using cloud tools, you can monitor the activity of your documents from anywhere, not just your office. This means you can easily track who has altered documents in the cloud, unlike with files on a local storage server. You can set, modify, and delete access permissions whenever you like without having to be at your desktop.

Round-the-Clock

Also, cloud providers often have staff working 24/7 on security. By contrast, hiring 24/7 on-premise monitoring for your local office could be prohibitively expensive.

Backups

Another common fear related to losing control: “But what if the cloud goes down? Won’t I lose all my data?” In this unlikely situation, you’ll find that a cloud tool may be even more secure than a local one. Cloud tools continuously and routinely back up to multiple servers to make sure that your data never gets lost. Hosted tools, on the other hand, offer little chance of recovering locally-saved information should your device get lost, stolen, or destroyed – or if your office is somehow inaccessible during an emergency.

Cloud tools are engineered with good security in mind from the start.

Cloud providers make protecting users the default. They have to, or they would jeopardize their business.

Expertise

As a result, cloud providers always have staff with expertise specific to security. On the other hand, with on-premise solutions, you’re reliant on your local IT team, who may not possess that expertise. According to a survey of in-house IT security teams by Freeform Dynamics, “there is a large gap between the desired ability to implement on-premise security and the actual capabilities to deliver it.” Particularly, many IT teams expressed a lack of confidence in implementing automation of security management, a key component of effective and efficient security.

Field Advances

And don’t forget that they would have to keep up with the rapidly-changing advances in the security field, on top of their other responsibilities. Many cloud solutions have security experts whose only job is to stay current with these developments.

Fix Deployment Speed

But even if a local support team has security chops, you’ll want to consider another security variable: speed of updates. New viruses and threats emerge all the time, often exploiting thousands of users before making it onto the news. Because they can update in real-time, cloud providers can deploy the latest security patches for emerging threats to all their customers, virtually immediately. On-premise tools are not as flexible: you will likely need to wait for a local installation before you can benefit from new security patches. That means your system is more likely to be outdated and vulnerable.

Pressure Testing

Finally, cloud tools are often built on open source or oft-used frameworks. That means they have thousands or millions of testers seeking vulnerabilities and discovering fixes. That’s more than all of the customers of any hosted legal platform.

The security fears of the legal industry often do a lot to discourage cloud adoption. However, based on the points above, those fears are founded more in fiction than in fact. The next time your firm is considering a cloud solution, bring up these points; you could be the key influencer who helps your firm avoid the next major security debacle.

6 Comments

I think most would agree that hosted providers can offer better levels of security. One aspect not mentioned here, though, is auditability. Some clients now require the option of 3rd party audits, to which many hosted providers understandably cannot submit. That is a significant roadblock.

I should clarify–I’m including “cloud” under the umbrella of hosted providers. Many providers have their own auditing, but very few providers will let in 3rd party auditors at a customer’s or customer’s client’s request, which is the issue.

As for data on the relative security of hosted providers vs. on-premises, I don’t have any stats to offer. However, given dedicated staff and focus, they can offer better security than most of their customers are equipped to offer in-house.